Closed wseltzer closed 2 years ago
Differential privacy applied for web features? That would sound interesting. I wonder how practical, though :)
The way it "works" now is by linking to examples of past similar issues (i.e. like with the gyroscope/accelerometer), but indeed no devoted section. It seems some current examples (+maybe new ones, including ambient light sensors) could be reused here too. But I'm still speaking of a quasi-continuous sensor-like API.
Re discussion about entropy, device identifier identifiability, and storage areas:
I suggest setting aside for now the specifics of the argument, and just thinking of the issue / ask to reduce the identifiability of device ids as an application of the principle "whenever there is a more private option that is at least as functional to users, always prefer the more privacy-protecting option". That seems to be the case here, regardless of whether the privacy improvement is small or large.
Closing this since there's been no new discussion, but please reopen if others disagree.
Discussion with a reader from another WG suggested that the document might gather some of the possible mitigations for identifier privacy leaks under a new subhead in the mitigations section.
e.g.: aggregation, obfuscation, reduced granularity, differential privacy, statistical reporting, identifier rotation, randomization, delegation to a trusted party or component and then stripping the identifier, finding a non-identifier way to solve the problem.